<%@ page language="java" contentType="text/html;charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="org.apache.log4j.Logger" %>

<%!
public static String getIpAddr(HttpServletRequest request) {
    String ip = request.getHeader("X-Forwarded-For");
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("WL-Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("HTTP_CLIENT_IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("HTTP_X_FORWARDED_FOR");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getRemoteAddr();
    }
    return ip;
}

%>

<%
Logger log = Logger.getLogger(this.getClass());
java.text.SimpleDateFormat formatter = new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
java.util.Date snow=new java.util.Date();
String now = formatter.format(snow); //将日期时间格局化
String ip=getIpAddr(request);
String phyPath = application.getRealPath(request.getRequestURI()); //页面对应物理路径
String tempBathPath= request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort() +""+ request.getContextPath()+"/";
String referer = request.getHeader("referer");


if (referer == null || !referer.startsWith("http://"+request.getServerName())){
	System.out.println("---------非法请求方法---------tempBathPath="+tempBathPath);
	request.setAttribute("loginMess", "非法请求，请通过本系统合法地址进行访问!");

    //记录系统管理操作日志1
    log.error("------非法访问来源："+referer);
    log.error("------非法访问时间："+now);
    log.error("------非法访问者ip："+request.getRemoteAddr()); // ip 或者 request.getRemoteAddr()
    log.error("------非法访问资源路径："+request.getRequestURI());

	//request.setAttribute("loginMess", "账号不存在!");
	%>
<script>
	window.parent.parent.location.href="<%=tempBathPath%>login";

</script>
	<%//如果上面的js不执行，就执行下面

}
else if(request.getSession().getAttribute("FREE_CURRENT_USER")==null){
	System.out.println("-----------sessionValidate.jsp session 超时，或者非法请求---------------tempBathPath="+tempBathPath);
    request.setAttribute("loginMess", "会话超时或者您的账号在另一个地方登录，您被迫下线，请重新登录!");
    //记录系统管理操作日志2
    log.error("------访问超时来源："+referer);
    log.error("------超时访问时间："+now);
    log.error("------超时访问者ip："+request.getRemoteAddr()); // ip 或者 request.getRemoteAddr()
    log.error("------超时访问资源路径："+request.getRequestURI());
	%>
	<script>
		window.parent.parent.parent.location.href="<%=tempBathPath%>login";

	</script>
		<%//如果上面的js不执行，就执行下面

}else{

    //记录系统管理操作日志3
    log.error("------访问来源："+referer);
    log.error("------访问时间："+now);
    log.error("------访问者ip："+ ip ); //ip或者request.getRemoteAddr()
    log.error("------访问资源路径："+ request.getRequestURI());
    //log.error("------访问资源物理路径："+phyPath);
    log.error("------访问者："+request.getSession().getAttribute("FREE_CURRENT_USER"));

}
%>
